Becoming a respected penetration tester or certified ethical hacker is an excellent career goal. With the ever-present threat of cybercriminals and the rapid evolution of attack techniques, many companies have realized that one of the best strategies for keeping data secure is testing their own systems against the same methods used by hackers and cybercriminals.
The actual execution of a penetration test is a highly technical task. It also requires proper, ethical conduct and good report-writing and communication skills. Many professionals become pentesters on their own, developing hacking skills through self-study and trial and error. While that can take care of the technical proficiency part of the job, in today's market it may not be enough to secure a well-paying job.
A good alternative that will let professionals develop their technical skills, adhere to an ethical code of conduct, and even prove they can create meaningful reports is earning an ethical hacker certification.
Here are five pentesting certifications that will help you stand out in your field.
- EC-Council Certified Ethical Hacker (CEH)
The International Council of E-Commerce Consultants (EC-Council) certifies individuals in various e-business and information security skills. The CEH certification establishes and governs the minimum standards for professional ethical hackers. It also reinforces the fact that ethical hacking is a unique and self-regulating profession.
The vendor-neutral CEH credential certifies individuals in the specific network security discipline of ethical hacking. It is much more technical than the certifications discussed later in this article, requiring familiarity with techniques such as:
- Footprinting and reconnaissance
- Scanning networks
- Host enumeration
- System hacking
- Malware threats
- Evading IDS, firewalls and honeypots
- Using sniffers
- Social engineering
- Denial of service attacks
- Session hijacking
- Hacking web servers
- Hacking web applications
- SQL injection
- Hacking wireless networks
- Hacking mobile platforms
- Cloud computing
- EC-Council Licensed Penetration Tester (LPT) Master
The LPT is the capstone to EC-Council’s entire information security track, going well beyond the simple consolidation of the knowledge required for the CEH and CySA certifications. It is the ultimate test of your practical skills as a penetration tester.
To earn this certification, you are required to conduct a full black-box penetration test of a network provided to you by EC-Council. This means following the entire process (reconnaissance, scanning, enumeration, gaining access and maintaining access) and then actually exploiting vulnerabilities.
Sound like a tough challenge? It does not stop there! You still must fully document your actions in a complete, professional penetration test report. Your report is then graded by other penetration testing professionals who already hold EC-Council's LPT credential.
- Global Information Assurance Certification Penetration Tester (GPEN)
The Global Information Assurance Certification (GIAC) was founded in 1999 to validate the skills of information security professionals. The GPEN certification validates your expertise in assessing target networks and systems to find security vulnerabilities. GPEN topics include penetration-testing methodologies, legal issues surrounding penetration testing, how to properly conduct a penetration test, and technical and non-technical best practices specific to penetration testing.
To pass this exam, you must demonstrate an understanding of the fundamental concepts associated with pentesting, including a process-oriented approach to pentesting and reporting. You also must demonstrate skills in:
- Password attacks
- Advanced password attacks
- Attacking password hashes
- Exploitation fundamentals
- Initial target scanning
- Moving files with exploits
- Penetration testing using PowerShell
- Penetration testing using the Windows Command Line
- Scanning for targets
- Vulnerability scanning
- Web application attacks
- Web application reconnaissance
- GIAC Exploit Researcher & Advanced Penetration Tester (GXPN)
A more advanced certification than the GPEN, the GXPN is designed for professionals who must demonstrate the knowledge, skills and ability to conduct advanced penetration tests. It also demonstrates you understand how to model the abilities of an advanced attacker, how to find significant security flaws in systems, and also how to identify the business risks associated with these flaws.
For this certification, you must demonstrate advanced skills in areas such as:
- Accessing the network
- Advanced fuzzing techniques
- Advanced stack smashing
- Client exploitation and escape
- Crypto for pen testers
- Exploiting the network
- Fuzzing introduction and operation
- Hands-on advanced network attacks and lateral movement
- Hands-on Linux system and memory exploitation
- Hands-on network attacks for penetration testers
- Hands-on Python scripting and fuzzing
- Hands-on Windows system and memory exploitation
- Introduction to memory and dynamic Linux memory
- Introduction to Windows exploitation
- Manipulating the network
- Python and Scapy for pen testers
- Smashing the stack
- Windows overflows
- Offensive Security Certified Professional (OSCP)
The OSCP is yet another great ethical hacking certification. The focus here is teaching penetration testing methodologies and the use of the tools included with the Kali Linux distribution. The OSCP is a 100% hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a controlled environment. This is one of the more technically focused ethical hacking certifications, and is one of the few that requires evidence of practical penetration testing skills.
For this certification, you must demonstrate proficiency in multiple information gathering techniques to identify and enumerate targets running various operating systems and services. You also must prove you have the ability to write basic scripts and tools to aid in the penetration testing process, and demonstrate expertise in:
- Analyzing, correcting, modifying, cross-compiling and porting public exploit code
- Remote and client-side attacks
- Identification and exploitation of XSS, SQL injection and file inclusion vulnerabilities in web applications
- Deploying tunneling techniques to bypass firewalls
- Creative problem solving and lateral thinking
The OSCP is also famous for its 24-hour challenge, a post-course exercise for candidates. In the challenge, candidates are given 24 hours in an unfamiliar lab and must successfully complete the exam requirements: documentation of the procedures used and proof of successful penetration, in the form of special marker files that are changed with each exam.